Systems and methods for administering policies for physical locations

ABSTRACT

A method for receiving verification that a source is authorized to provide mobile-computing-device policies for a first physical location. The method may include receiving a first mobile-computing-device policy and identifying the first physical location. The method may also include associating the first mobile-computing-device policy with the first physical location and implementing, based on the verification, the first mobile-computing-device policy at the first physical location. Systems and computer-readable media for verifying that a source is authorized to provide mobile-computing-device policies for a first physical location are also disclosed.

BACKGROUND

In the age of instant communication and information exchange, managingthe settings of portable devices may be a significant challenge forindividuals and enterprises. Network device settings may be difficult tomanage because of the increasing complexity of networks and networkdevices. In particular, location owners may face the challenge ofmanaging network device settings of mobile devices that enter theirlocations. For example, cell phones and laptops in a library may beallowed for the benefit of patrons, but left unregulated they may provea distraction and disturbance to other patrons. However, traditionalpolicy management and administration may be insufficient for allowingthe library, or any other location owner or manager, to manage portablecomputing device usage on their property.

Traditional policy management may include both policy definition andpolicy enforcement. Policy definition may refer to the tools ortechniques that allow administrators to define how a network device maybe controlled. The second component of traditional policymanagement—policy enforcement—may refer to the tools or techniques thatenforce policy definitions. The automated nature of policy enforcementmay reduce the time and effort an administrator spends monitoring anetwork or network device.

Administrators may implement traditional policy management throughfixed-policy enforcement. To implement fixed-policy enforcement, anetwork administrator may define a set of fixed policies for a networkdevice. The set of fixed policies does not change, regardless of thelocation or status of the network device, unless the networkadministrator makes the policy change. While fixed-policy enforcementmay be somewhat effective for a small network with a small number ofnon-portable network devices, fixed-policy enforcement may not beparticularly useful to administrators managing portable network devices.

One policy management technique that attempts to address the limitationsof fixed-policy enforcement is Network Location Awareness (NLA). NLA maychange policy definitions for a device when the device changes networks.NLA may involve technology that allows a device to detect a network,receive a set of policy definitions for that network, then enforce thepolicies on the device. For example, a laptop with NLA may include oneset of policy definitions that corresponds to a home network and anotherset of definitions that corresponds to a work network. NLA may providesome flexibility over fixed policy in managing portable-computingnetwork devices, but growth and expansion in network environments anduse of portable devices may present challenges that neither fixed policyor NLA may address.

NLA and other traditional network-policy management techniques may havelimited capabilities in traditional networks and may be even lesseffective in attempts to control mobile-computing devices within certainphysical locations. For example, NLA may be ineffective where amobile-computing device may be in multiple physical locations but stillconnected to a single network (e.g., a municipal or 3G network). Thus,location owners and managers may need more effective tools to controlnetwork devices within their locations.

SUMMARY

Embodiments of the instant disclosure may address various disadvantagesand problems with prior network device administration and may alsoprovide various other advantages and features. For example, someembodiments may verify that a source is authorized to providemobile-computing-device policies for a physical location. In at leastone embodiment, verifying that a source is authorized to providemobile-computing device policies for a physical location may compriseaccessing a database to verify that the source is authorized to providea first policy for the first physical location. In other embodiments,verifying that a source is authorized to provide mobile-computing devicepolicies for a physical location may comprise receiving a confirmationthat the source is authorized to provide the first policy for the firstphysical location.

Certain embodiments may provide third-party verification that a sourceis authorized to create and modify mobile-computing device policies fora physical location. Such verification may allow for sources (e.g.,administrators) to control mobile device policies for their locations byaccess to a central control server through an internet interface.

In at least one embodiment, a computer-implemented method may comprisereceiving verification that a source is authorized to providemobile-computing-device policy for a first physical location. The methodmay also comprise receiving a first mobile-computing-device policy,identifying the first physical location, and associating the firstmobile-computing-device policy with the first physical location. Themethod may further comprise implementing, based on the verification, thefirst mobile-computing-device policy at the first physical location.

In at least one embodiment, the source may be a location-policyadministrator, and the location-policy administrator may be authorizedto provide the first policy for the location. In various embodiments,receiving the first mobile-computing-device policy comprises identifyingthat the first mobile-computing-device policy is received from thelocation-policy administrator.

Embodiments of the instant disclosure provide various methods, systems,and computer-readable media for allowing a source to managemobile-device settings for a physical location. Some embodiments mayprovide improved mobile device management and control capabilities forlocation owners. Various embodiments may verify that the administratoris authorized to provide mobile-computing device policy for a physicallocation. Various embodiments may combine some or all of these featuresand/or may provide alternative or additional features.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings illustrate a number of exemplary embodimentsand are a part of the specification. Together with the followingdescription, these drawings demonstrate and explain various principlesof the instant disclosure.

FIG. 1 is a block diagram of a system configured to receive verificationfrom a source according to at least one embodiment.

FIG. 2 is a flow diagram of a computer-implemented method capable ofreceiving verification that a source is authorized to providemobile-computing-device policy according to certain embodiments.

FIG. 3 is a flow diagram of a computer-implemented method for receivingverification that a source is authorized to providemobile-computing-device policy for physical locations according tocertain embodiments.

FIG. 4 is a flow diagram of a computer-implemented method for receivingmultiple policies and identifying multiple locations according to atleast one embodiment.

FIG. 5 is a flow diagram of a computer-implemented method for receivingand implementing policies for multiple sub-regions according to anadditional embodiment.

FIG. 6 is a block diagram of a physical location with multipleboundaries according to an additional embodiment.

FIG. 7 is a block diagram of a physical location with multiplesub-regions according to an additional embodiment.

FIG. 8 is a flow diagram of an exemplary computer-implemented method forimplementing mobile-computing-device policies according to an additionalembodiment.

FIG. 9 is a block diagram of an exemplary computing system capable ofimplementing one or more of the embodiments described and/or illustratedherein.

FIG. 10 is a block diagram of an exemplary computing network capable ofimplementing one or more of the embodiments described and/or illustratedherein.

Throughout the drawings, identical reference characters and descriptionsindicate similar, but not necessarily identical, elements. While theexemplary embodiments described herein are susceptible to variousmodifications and alternative forms, specific embodiments have beenshown by way of example in the drawings and will be described in detailherein. However, the exemplary embodiments described herein are notintended to be limited to the particular forms disclosed. Rather, theinstant disclosure covers all modifications, equivalents, andalternatives falling within the scope of the appended claims.

DETAILED DESCRIPTION

The following description discusses methods and systems for receivingverification that a source is authorized to providemobile-computing-device policies for a physical location, and thefollowing examples and figures may enable and describe these methods ina non-limiting and exemplary manner. Location owners may need moreefficient and effective technologies to regulate the usage ofmobile-computing devices that enter their properties, and the instantdisclosure provides the following examples and figures as ways to meetand overcome such challenges.

Prior technologies may provide individual device owners with some degreeof device control, but concerns beyond individual device management mayrequire technologies capable of regulating device usage at a locationlevel. While some current tools and technologies may attempt to givelocation owners some degree of control, it may be difficult to definepolicies for mobile-computing-device usage without applying a method forverifying that a source (e.g., a location owner) of the location isauthorized to provide policies. Also, there may be a need for moreintuitive and effective ways to allow sources to define usage policies.For example, internet-based interfaces may provide an intuitive andeffective method for receiving policies and location identifiers.

Defining geographical areas to implement policies for mobile-computingdevices may pose another challenge to current technologies. Methods thatallow for creative and intuitive identifying of geographical areas inwhich to implement a policy may save time and money. For example, alocation owner may manage a building in close proximity to otherbuildings. Such proximity may require technologies that can definepolicy areas with more accuracy and specificity.

The above problems, concerns, and solutions provided above arenon-limiting and exemplary in nature and are not intended to limit thescope of the instant disclosure. The following description addresses theabove as well as other problems in a non-limiting way.

FIG. 1 is an illustration of exemplary system 100 capable of receivingverification from a source and implementing mobile-computing-devicepolicy based on that verification. For example, a library may utilize aserver-based system similar to exemplary system 100 in order to betterregulate mobile-computing-device policy on library premises. The systemmay include verifying that the library administrator is authorized toprovide mobile-computing device policy for the library. For example, anindependent party may verify that the library administrator is in chargeof policy and authorized to provide policy for the library.

Exemplary system 100 may include a computing device 102. Computingdevice 102 may include policy module 104, location module 106,policy-location-information database 108, implementation module 110, andverification mechanism 112. Computing device 102 may comprise computercode operable to perform various embodiments of the instant disclosure.

Policy module 104 may be configured to receive a firstmobile-computing-device policy, and location module 106 may beconfigured to identify a first physical location. Policy module 104 mayreceive a single policy or multiple policies and store the policies inpolicy-location-information database 108. Likewise, location module 106may identify a single or multiple physical locations and store thelocations in policy-location-information database 108.Policy-location-information database 108 may also store other dataregarding the first mobile-computing-device policy, the first physicallocation, and/or the associations between the policy and location, aswill be discussed in FIG. 2.

Implementation module 110 may be configured to enforce, based on theverification, the first mobile-computing-device policy at the firstphysical location. In some embodiments, implementation module 110 may belocated on a mobile-computing device. In various embodiments,implementation module 110 may be served-based software, or may be partof the server and/or the mobile-computing device. The mobile computingdevice may include, without limitation, a laptop, a mobile phone, or apersonal digital assistant.

Verification mechanism 112 may be configured to verify authorization ofa source. For example, verification mechanism 112 may be responsible forverifying a person who claims to have authority to administer policy ata school is actually authorized to do so. In some embodiments,verification mechanism 112 may include elements separate from computingdevice 102. For example, verification mechanism 112 may include softwarethat tells a device to send a letter to the physical address of a firstphysical location. Verification mechanism 112 may also send the letteritself or cause the letter to be sent.

FIG. 2 illustrates a method 200 for receiving verification that a sourceis authorized to provide mobile-computing-device policy for a firstphysical location and then implementing, based on that verification, thefirst mobile-computing device policy with the first physical location.Method 200 may be implemented using a system similar to exemplary system100. Each step in the method may be performed by a computing device suchas computing device 102, and the steps of method 200 may occur in adifferent order than illustrated in FIG. 2.

At step 210, in some embodiments the verification mechanism may receiveverification that a source is authorized to providemobile-computing-device policy for a first physical location. Receivingverification may comprise receiving verification that a source isauthorized. Receiving verification may also include verifying that thesource is authorized. For example, in one embodiment the verificationmechanism may verify the source is authorized by contacting the owner ofa hospital and verifying that the hospital owner is authorized toprovide mobile-computing device policy for the hospital. In someembodiments, the process of verifying that a source is authorized may beperformed separate from the verification mechanism, and the verificationmechanism may simply receive the verification. In alternativeembodiments, the verification mechanism may access a database to verifythat the source is authorized to provide policies for the physicallocation. For example, a third party may verify that that hospital owneris authorized to provide policy for a hospital and store thatinformation in a database. The verification mechanism may then accessand search the database to verify that the hospital owner may providepolicy for the hospital.

The phrase “mobile-computing-device policy” may refer generally to theoverall mobile-computing-device policy of the first physical location,which may include multiple policies. In some embodiments, the phrase mayrefer to the area in which the policies may be implemented. For example,the hospital owner may be authorized to provide the physical location ofthe hospital as well as the policies that should be enforced within thatphysical location. In some embodiments, the hospital owner may donothing more than define the physical locations for amobile-computing-device policy to be implemented.

At step 220, a computing device, such as computing device 102 in FIG. 1,may receive a first mobile-computing-device policy. Thefirst-mobile-computing-device policy may be setting policies or usagepolicies. Examples of policies may include, but are not limited to, aringer setting, a lighting setting, an incoming call setting, anoutgoing call setting, a power setting, an email setting, a voicemailsetting, a sound setting, a network setting, a network access setting, anetwork usage setting, a camera setting, a global positioning systemsetting, a messaging setting, a bluetooth setting, an infrared dataassociation setting, an installed application setting, a built-inapplication setting, and/or a communication setting. In variousembodiments, the first mobile-computing-device policy may contain atleast one of the above examples.

In some embodiments, the policy may be received from the source throughan internet-based interface. For example, the hospital owner may access,via the internet, a server similar to computing device 102. Policymodule 104 may be server-based software configured to provide thehospital owner with a graphical user interface for inputting the policy.In some embodiments, the hospital owner may select the policy from a setof pre-defined policies. Policy module 104 may then store the policy ina database similar to policy-location-information database 108 alongwith any other relevant information or data concerning the policy.

At step 230 of FIG. 2, a computing device such as computing device 102in FIG. 1 may identify the first physical location. In variousembodiments, the physical location may generally refer to a real worldlocation. For example, the real-world physical location of the hospitalmay be referred to as the first physical location. The process ofidentifying may be performed in various non-limiting embodiments. In oneembodiment, identifying the first physical location may be receiving,from the source, geographical coordinates of the first physicallocation. In some embodiments, indentifying the first physical locationmay include receiving, from the source, boundaries of the first physicallocation. In another embodiment, indentifying the first physicallocation may include receiving, from the source, an address of the firstphysical location. The above embodiments for identifying the firstphysical location will be discussed in greater detail below with thedescription corresponding to FIGS. 4-7.

The identification of the first physical location may be stored in adatabase similar to policy-location-information database 108. Forexample, geographical coordinates identifying the boundaries of thehospital may be stored in a database along with policy information. Atstep 240 of method 200, a computing device similar to computing device102 in FIG. 1 may associate the first mobile-computing-device policywith the first physical location and may store these associations in adatabase similar to policy-location-information database 108.

At step 250, a computing device similar to computing device 102 of FIG.1 may implement, based on the verification (step 210), the firstmobile-computing-device policy at the first physical location. Methodsand systems for implementing mobile-computing-device policy aredescribed with greater detail in connection to FIG. 8.

In some embodiments, the source may be a location-policy administratorauthorized to provide the first policy for the first location. Examplesof location-policy administrators may include, but are not limited to,owners of restaurants, principals of schools, owners of hospitals,administrators or owners of churches, airport administrators, theaterowners, or any other person or group authorized to provide policy fortheir respective locations.

In various embodiments, receiving the first mobile-computing-devicepolicy may include identifying that the first mobile-computing-devicepolicy is received from the location-policy administrator. For example,the principal of a school may be required to provide a login usernameand password to access an internet-based interface capable of receivinga policy for the location.

The following discussion provides an example of how the principles ofFIGS. 1 and 2 may be implement. A principal of a school may desire toregulate the use of mobile-computing devices on school grounds. Theprincipal may wish to provide a policy that turns the ringer setting ofcell phones off. At step 210 of FIG. 1, a computing device similar tocomputing device 102 in FIG. 1 may verify that the principal isauthorized to provide mobile-computing-device policy for the school. Theprincipal, in this example, may have already been verified as authorizedby a third party and the verification mechanism have received thisverification.

At step 220, a policy module may receive a policy from the principaldefining that the ringer settings are to be turned off for all cellphones while on school premises. At step 230, a location module mayreceive an address of the school from the principal. In someembodiments, the location module may be configured to receive an addressand identify, based on the address, the physical location (e.g.,geographical coordinates or boundaries) of the school. At step 240, theno-ring setting for cell phones may be associated with the schoolboundaries and stored in a database similar topolicy-location-information database 108. At step 250, an implementationmodule may enforce the mobile-computing-device policy within theboundaries of the school.

In certain embodiments, the computing device may contain pre-definedpolicies for certain physical locations. For example, the computingdevice may contain a pre-defined policy for all schools. The computingdevice may, upon discovering that the location is a school, associatethe pre-defined policy with geographical coordinates that correspond tothe school. Thus, the principal may only need to specify that the firstphysical location is a school, and the pre-defined policy associatedwith schools may be automatically applied.

FIG. 3 illustrates an exemplary method 300 for receiving verificationthat a source is authorized to provide mobile-computing-device policyfor a first physical location. Method 300 shows exemplary communicationsbetween a source 302 and a verification mechanism 304. In someembodiments, source 302 may be a client device or terminal accessible bya location owner, a location-policy administrator, or any person orsource authorized to provide policies for a physical location. Forexample, the manager of a restaurant may be a source authorized todefine policies for the first physical location (e.g., the restaurant)

In some embodiments, verification mechanism 304 may be any mechanismconfigured to send notifications to a source, receive confirmations froma source, and/or verify that the source is authorized to providemobile-computing-device policy. For example, verification mechanism 304may be software capable of identifying when verification of a source isneeded and may prompt mail to be sent to the physical address. The mailmay include a password for a policy-administrator account or otherinformation that the source may used to confirm that the source receivedthe mail and/or is authorized to provide policies for the physicallocation. In some embodiments, the mail may direct the source to call averification phone number or reply by mailing a letter to a verificationadministrator.

Verification mechanism 304 may also include software capable ofidentifying when confirmation mail has been returned or when a sourcehas been verified over the phone. For example, the locationadministrator of a school may either mail back a notificationconfirmation or call to verify over the phone. A verificationadministrator may store verification information in a databaseconfigured to allow a computing device, such as computing device 102,retrieve verification information.

At step 310, verification mechanism 304 may send a notification tosource 302 in any of methods previously discussed. At step 320, thesource may receive confirmation information contained within thenotification. Confirmation information may be any information that isrequired to be returned or verified by the source in order to completethe authorization process. Confirmation may include, but is not limitedto, personal identification numbers (PINs), passwords, identificationinformation, confirmation numbers, or any other suitable informationthat may be returned or provided by the source in order to complete theverification process.

At step 330, verification mechanism 304 may receive confirmation fromthe source. In certain embodiments, confirmation may be received via anysuitable method including mail, email, third party verification, ortelephone verification. After receiving the confirmation information,the verification mechanism may store the confirmation.

As noted in the previous example, the principal of a school may want toregulate the usage of cell-phones. In one embodiment, the principal mayhave provide policies and location information before being verified asa source authorized to provide policies for the school. Upon receivingthe policies and location information, the verification mechanism mayinitiate a verification process before implementing the policies for theschool. In some embodiments, verification mechanism 304 may poll adatabase (e.g., policy-location-information database 108) to determinewhether the principal is authorized to provide policies for the school.In other embodiments, the verification mechanism may send a notificationto a physical address of the school, as previously discussed.

FIG. 4 illustrates and exemplary method 400 for receiving multiplepolicies and identifying multiple locations. A system similar toexemplary system 100 may be used to implement one or more of the stepsin FIG. 4. At step 410, a verification mechanism may receiveverification that a source is authorized to providemobile-computing-device policy for a first physical location. At step420, a policy module may receive a first mobile-computing device policy.At step 430, a location module may identify the first physical location.A computing device similar to computing device 102 may then associatethe first mobile-computing-device policy with the first physicallocation (step 440).

At step 450, the location module may receive a set of geographicalcoordinates that correspond to a sub-region within the first physicallocation. For example, the location module may receive a set of 5coordinates that define a boundary for a school (first physicallocation), and then a set of 4 coordinates that define a library area(sub-region) within the school. At step 460, the policy module mayreceive a second mobile-computing-device policy. For example, aprincipal may choose a “no-ring” setting for the first policy and a “noincoming calls” setting for the second policy. At step 470, thecomputing device may associate the second mobile-computing-device policywith the sub-region. At step 480, the implementation module mayimplement, based on the verification, the first mobile-computing devicepolicy at the first physical location.

In many scenarios it may be advantageous to define policies for multiplesub-regions within a first physical location. Location administrators,for example, may be able to regulate each part of their location withtighter control. FIG. 5 illustrates a method for receiving andimplementing policies for multiple sub-regions. At step 510, averification mechanism may receive verification that a source isauthorized to provide mobile-computing-device policies for a firstphysical location. A policy module may then receive a firstmobile-computing-device policy (step 520). At step 530, a locationmodule may receive a first set of geographical coordinates thatcorrespond to a first sub-region within the first physical location. Atstep 540, the location module may receive a second set of geographicalcoordinates that correspond to a second sub-region within the firstphysical location. At step 550, a computing device similar to computingdevice 102 may associate the first mobile-computing-device policy withthe first sub-region, and at step 560 the computing device may associatea second mobile-computing-device with the second sub-region. At step570, an implementation module may implement, based on the verification,first mobile-computing-device policy at the first physical location.

In some exemplary embodiments, the physical locations described inmethods 400 and 500 may correspond to boundaries of buildings. Incertain embodiments, a sub-region may be identified within the firstphysical location. FIG. 6 illustrates a first physical location and asub-region located within the first physical location. A boundary 602may be defined to encompass building 604. A sub-boundary 612 may bedefined to encompass a room 614 within building 604.

In one example, building 604 may be a school and room 614 may be thelibrary of the school. A location module may identify boundary 602 asthe first physical location. A policy may be received defining that allcell-phones within boundary 602 be on the lowest ringer setting and thatincoming and outgoing calls would not be permitted except for duringlunch hours. The location module may also identify sub-boundary 612 asgeographical coordinates corresponding to a sub-region within the firstphysical location. A policy may be associated with sub-boundary 612defining that all cell phones may be set to vibrate and no incoming oroutgoing calls may be allowed except for emergency phone numbers. Thepolicy may also state that laptops are fully functional but restrictedfrom visiting certain websites.

A physical location may be defined by a boundary of any shape or size.In some embodiments, a boundary box may be defined using twogeographical coordinates (e.g., latitude and longitude coordinates). Aboundary may also be defined with more than two geographical coordinatesand may provide a useful tool to develop boundaries unique to thephysical locations they correspond to. In some embodiments, identifyingthe first physical location includes receiving at least threecoordinates. Boundaries of various different shapes and sizes may bedefined by three or more geographical coordinates.

In certain exemplary embodiments, physical locations and sub-regions maybe identified by an internet-based interface. The internet-basedinterface may be provided by the location module. The interface mayprovide tools that allow a location-policy administrator to draw and/ordefine different shapes and boundaries to define the first physicallocation and sub-regions. For example, software may be provided on acomputing system similar to computing device 102 in FIG. 1 that allows aprincipal of a school to identify the boundaries of a school. Theinternet-based interface may provide tools for the principal to aid indeveloping unique shapes to fit the shape of the school and/or roomswithin the school.

In some embodiments, a first physical location may include more than onesub-region. FIG. 7 illustrates exemplary drawings of multiplesub-regions. FIG. 7 illustrates a real-world location 700. Real-worldlocation 700 may include a boundary 702 defined to be around a building704. A sub-boundary 712 may be defined around an area 714, and asub-boundary 722 may be defined around an area 724.

In one embodiment, real-world location 700 may be located¹ in a city.Building 704 may be a church, area 714 may be a chapel within thechurch, and area 724 may be a community center within the church.Boundary 702 may be referred to as a physical location. Sub-boundary 712and sub-boundary 722 may be referred to as first and second sub-regions.In this example, a pastor may want to define policy that will turn offcell-phones for members of the congregation in the chapel and allowlimited cell phone use in the community center. The pastor may also wantto allow full use of cell-phones in anywhere else in the church (e.g.,hallways, bathrooms, foyers). Boundary 702, being the whole church, maynot be associated with any policy. Sub-boundary 712 may be associatedwith the chapel's “no cell phone usage” policy. Sub-boundary may 722 maybe associated with the community center's “limited cell phone use”policy.

In some embodiments, implementing the first mobile-computing-devicepolicy includes determining that a mobile-computing device is within thefirst physical location. FIG. 8 is an illustration of exemplary method800 for implementing, based on the verification, the firstmobile-computing-device policy at the first physical location. Method800 shows exemplary communications between an implementation module 810and a mobile-computing device 820. At step 830, mobile-computing device820 may transmit location information to implementation module 810. Forexample, a cell phone may transmit GPS coordinates or may use any othertriangulation or location technology to determine where the cell phoneis located. At step 832, implementation module 810 may receive locationinformation. At step 834 implementation module 810 may associate thelocation information with a mobile-computing-device policy. At step 836,implementation module 836 may transmit the policy to themobile-computing device. At step 838, the policy may be implemented(e.g., enforced) on the mobile-computing device.

FIG. 8 may correspond to exemplary embodiments of FIG. 7. For example, achurch patron's cell phone may transmit a GPS signal to animplementation module server every five seconds. When the patron entersbuilding the church, the cell phone may transmit GPS coordinates to theimplementation module. The implementation module may receive thepatron's cell phones coordinates and search for a database for anassociated policy. Because there may be no policy associated withbuilding 704, no policy will be transmitted to the patron's cell phone.Once the church patron enters area 714, the cell phone may transmit itsGPS again to implementation module 810. The implementation may associatethe location information of the patron's cell phone with the policy forsub-boundary 712 (the chapel's policy). At step 836 this policy may thenbe transmitted to the patron's cell phone, and at step 838 the cellphone may enforce the policy by turning off while in the chapel.

According to various embodiments, receiving verification that a sourceis authorized to provide mobile-computing-device policies may comprisereceiving verification that a source has authority to create or changeone or more mobile-computing device policies associated with a physicallocation. In various embodiments, receiving a first mobile-computingdevice policy may comprise allowing a location administrator to set orselect one or more device-setting policies for a particularmobile-computing device or a set of mobile-computing devices. In someembodiments, a location administrator may be provided with an accountthat allows the administrator to input or change policies for amobile-computing device. The location administrator may inputmobile-computing device policies through an Internet-based interface orany other suitable interface.

According to various embodiments, identifying a first physical locationmay comprise receiving, from the administrator, geographical coordinatesof the first physical location. As previously discussed, identifying thefirst physical location may comprise receiving, from the administrator,boundaries of the first physical location. In at least one embodiment,identifying the first physical location may comprise receiving anaddress of the first physical location. In such embodiments, the addressmay be converted into geographical coordinates or any other suitableboundary definition for the first physical location.

After receiving the mobile-computing-device policy for themobile-computing device and the identification of the first physicallocation, the management module may store the mobile-computing deviceand the identification of the first physical location in a record. Therecord may be stored in a database or any other suitable storagemechanism.

When the a mobile-computing device enters the first physical location,an implementation module may implement the mobile-computing-devicepolicy on the mobile computing device. In some embodiments, implementinga mobile-computing-device policy may comprise changing a first settingon the first mobile-computing device while the first mobile-computingdevice is within the first physical location. The setting may beassociated with the first mobile-computing device policy. For examplethe setting may be a volume setting, and the mobile-computing-devicepolicy may be a volume level of “3.” Implementing the firstmobile-computing-device policy may comprise changing the volume level onthe device to “3” if the volume level is not already set to “3.” If thevolume level is already set to “3,” the mobile-computing device mayverify that the volume level matches the mobile-computing-device policy.In other embodiments, the mobile-computing device may do nothing if thevolume level already matches the mobile-computing-device policy.

FIG. 9 is a block diagram of an exemplary computing system 910 capableof implementing one or more of the embodiments described and/orillustrated herein. Computing system 910 broadly represents any singleor multi-processor computing device or system capable of executingcomputer-readable instructions. Examples of computing system 910include, without limitation, workstations, laptops, client-sideterminals, servers, distributed computing systems, handheld devices, orany other computing system or device. In its most basic configuration,computing system 910 may comprise at least one processor 914 and asystem memory 916.

Processor 914 generally represents any type or form of processing unitcapable of processing data or interpreting and executing instructions.In certain embodiments, processor 914 may receive instructions from asoftware application or module. These instructions may cause processor914 to perform the functions of one or more of the exemplary embodimentsdescribed and/or illustrated herein. For example, processor 914 mayperform and/or be a means for performing, either alone or in combinationwith other elements, one or more of the receiving, comparing,identifying, transmitting, receiving, broadcasting, and determiningsteps described herein. Processor 914 may also perform and/or be a meansfor performing any other steps, methods, or processes described and/orillustrated herein.

System memory 916 generally represents any type or form of volatile ornon-volatile storage device or medium capable of storing data and/orother computer-readable instructions. Examples of system memory 916include, without limitation, random access memory (RAM), read onlymemory (ROM), flash memory, or any other suitable memory device.Although not required, in certain embodiments computing system 910 maycomprise both a volatile memory unit (such as system memory 916) and anon-volatile storage device (such as primary storage device 932, asdescribed in detail below).

In certain embodiments, exemplary computing system 910 may also compriseone or more components or elements in addition to processor 914 andsystem memory 916. For example, as illustrated in FIG. 9, computingsystem 910 may comprise a memory controller 918, an Input/Output (I/O)controller 920, and a communication interface 922, each of which may beinterconnected via a communication infrastructure 912. Communicationinfrastructure 912 generally represents any type or form ofinfrastructure capable of facilitating communication between one or morecomponents of a computing device. Examples of communicationinfrastructure 912 include, without limitation, a communication bus(such as an ISA, PCI, PCIe, or similar bus) and a network.

Memory controller 918 generally represents any type or form of devicecapable of handling memory or data or controlling communication betweenone or more components of computing system 910. For example, in certainembodiments memory controller 918 may control communication betweenprocessor 914, system memory 916, and I/O controller 920 viacommunication infrastructure 912. In certain embodiments, memorycontroller may perform and/or be a means for performing, either alone orin combination with other elements, one or more of the steps or featuresdescribed and/or illustrated herein, such as receiving, comparing,identifying, transmitting, receiving, broadcasting, and determining.

I/O controller 920 generally represents any type or form of modulecapable of coordinating and/or controlling the input and outputfunctions of a computing device. For example, in certain embodiments I/Ocontroller may control or facilitate transfer of data between one ormore elements of computing system 910, such as processor 914, systemmemory 916, communication interface 922, display adapter 926, inputinterface 930, and storage interface 934. I/O controller 920 may beused, for example, to perform and/or be a means for performing, eitheralone or in combination with other elements, one or more of thereceiving, comparing, identifying, transmitting, receiving,broadcasting, and determining steps described herein. I/O controller 920may also be used to perform and/or be a means for performing other stepsand features set forth in the instant disclosure.

Communication interface 922 broadly represents any type or form ofcommunication device or adapter capable of facilitating communicationbetween exemplary computing system 910 and one or more additionaldevices. In certain embodiments, communication interface 922 mayfacilitate communication between computing system 910 and a private orpublic network comprising additional computing systems. Examples ofcommunication interface 922 include, without limitation, a wired networkinterface (such as a network interface card), a wireless networkinterface (such as a wireless network interface card), a modem, and anyother suitable interface. In at least one embodiment, communicationinterface 922 may provide a direct connection to a remote server via adirect link to a network, such as the Internet. Communication interface922 may also indirectly provide such a connection through, for example,a local area network (such as an Ethernet network), a personal areanetwork (such as a BLUETOOTH network), a telephone or cable network, acellular telephone connection, a satellite data connection, or any othersuitable connection.

In certain embodiments, communication interface 922 may also represent ahost adapter configured to facilitate communication between computingsystem 910 and one or more additional network or storage devices via anexternal bus or communications channel. Examples of host adaptersinclude, without limitation, SCSI host adapters, USB host adapters, IEEE1394 host adapters, SATA and eSATA host adapters, ATA and PATA hostadapters, Fibre Channel interface adapters, Ethernet adapters, or thelike. Communication interface 922 may also allow computing system 910 toengage in distributed or remote computing. For example, communicationinterface 922 may receive instructions from a remote device or sendinstructions to a remote device for execution. In certain embodiments,communication interface 922 may perform and/or be a means forperforming, either alone or in combination with other elements, one ormore of the receiving, comparing, identifying, transmitting, receiving,broadcasting, and determining steps disclosed herein. Communicationinterface 922 may also be used to perform and/or be a means forperforming other steps and features set forth in the instant disclosure.

As illustrated in FIG. 9, computing system 910 may also comprise atleast one display device 924 coupled to communication infrastructure 912via a display adapter 926. Display device 924 generally represents anytype or form of device capable of visually displaying informationforwarded by display adapter 926. Similarly, display adapter 926generally represents any type or form of device configured to forwardgraphics, text, and other data from communication infrastructure 912 (orfrom a frame buffer, as known in the art) for display on display device924.

As illustrated in FIG. 9, exemplary computing system 910 may alsocomprise at least one input device 928 coupled to communicationinfrastructure 912 via an input interface 930. Input device 928generally represents any type or form of input device capable ofproviding input, either computer or human generated, to exemplarycomputing system 910. Examples of input device 928 include, withoutlimitation, a keyboard, a pointing device, a speech recognition device,or any other input device. In at least one embodiment, input device 928may perform and/or be a means for performing, either alone or incombination with other elements, one or more of the receiving,comparing, identifying, transmitting, receiving, broadcasting, anddetermining steps disclosed herein. Input device 928 may also be used toperform and/or be a means for performing other steps and features setforth in the instant disclosure.

As illustrated in FIG. 9, exemplary computing system 910 may alsocomprise a primary storage device 932 and a backup storage device 933coupled to communication infrastructure 912 via a storage interface 934.Storage devices 932 and 933 generally represent any type or form ofstorage device or medium capable of storing data and/or othercomputer-readable instructions. For example, storage devices 932 and 933may be a magnetic disk drive (e.g., a so-called hard drive), a floppydisk drive, a magnetic tape drive, an optical disk drive, a flash drive,or the like. Storage interface 934 generally represents any type or formof interface or device for transferring data between storage devices 932and 933 and other components of computing system 910.

In certain embodiments, storage devices 932 and 933 may be configured toread from and/or write to a removable storage unit configured to storecomputer software, data, or other computer-readable information.Examples of suitable removable storage units include, withoutlimitation, a floppy disk, a magnetic tape, an optical disk, a flashmemory device, or the like. Storage devices 932 and 933 may alsocomprise other similar structures or devices for allowing computersoftware, data, or other computer-readable instructions to be loadedinto computing system 910. For example, storage devices 932 and 933 maybe configured to read and write software, data, or othercomputer-readable information. Storage devices 932 and 933 may also be apart of computing system 910 or may be a separate device accessedthrough other interface systems.

In certain embodiments, the exemplary file systems disclosed herein maybe stored on primary storage device 932, while the exemplary file-systembackups disclosed herein may be stored on backup storage device 933.Storage devices 932 and 933 may also be used, for example, to performand/or be a means for performing, either alone or in combination withother elements, one or more of the receiving, comparing, identifying,transmitting, receiving, broadcasting, and determining steps disclosedherein. Storage devices 932 and 933 may also be used to perform and/orbe a means for performing other steps and features set forth in theinstant disclosure.

Many other devices or subsystems may be connected to computing system910. Conversely, all of the components and devices illustrated in FIG. 9need not be present to practice the embodiments descried and/orillustrated herein. The devices and subsystems referenced above may alsobe interconnected in different ways from that shown in FIG. 9. Computingsystem 910 may also employ any number of software, firmware, and/orhardware configurations. For example, one or more of the exemplaryembodiments disclosed herein may be encoded as a computer program (alsoreferred to as computer software, software applications,computer-readable instructions, or computer control logic) on acomputer-readable medium. The phrase “computer-readable medium”generally refers to any form of device, carrier, or medium capable ofstoring or carrying computer-readable instructions. Examples ofcomputer-readable media include, without limitation, transmission-typemedia, such as carrier waves, and physical media, such asmagnetic-storage media (e.g., hard disk drives and floppy disks),optical-storage media (e.g., CD- or DVD-ROMs), electronic-storage media(e.g., solid-state drives and flash media), and other distributionsystems.

The computer-readable medium containing the computer program may beloaded into computing system 910. All or a portion of the computerprogram stored on the computer-readable medium may then be stored insystem memory 916 and/or various portions of storage devices 932 and933. When executed by processor 914, a computer program loaded intocomputing system 910 may cause processor 914 to perform and/or be ameans for performing the functions of one or more of the exemplaryembodiments described and/or illustrated herein. Additionally oralternatively, one or more of the exemplary embodiments described and/orillustrated herein may be implemented in firmware and/or hardware. Forexample, computing system 910 may be configured as an applicationspecific integrated circuit (ASIC) adapted to implement one or more ofthe exemplary embodiments disclosed herein.

FIG. 10 is a block diagram of an exemplary network architecture 1000 inwhich client systems 1010, 1020, and 1030 and servers 1040 and 1045 maybe coupled to a network 1050. Client systems 1010, 1020, and 1030generally represent any type or form of computing device or system, suchas exemplary computing system 910 in FIG. 9. Similarly, servers 1040 and1045 generally represent computing devices or systems, such asapplication servers or database servers, configured to provide variousdatabase services and/or to run certain software applications. Network1050 generally represents any telecommunication or computer network;including, for example, an intranet, a wide area network (WAN), a localarea network (LAN), a personal area network (PAN), or the Internet.

As illustrated in FIG. 10, one or more storage devices 1060(1)-(N) maybe directly attached to server 1040. Similarly, one or more storagedevices 1090(1)-(N) may be directly attached to server 1045. Storagedevices 1060(1)-(N) and storage devices 1090(1)-(N) generally representany type or form of storage device or medium capable of storing dataand/or other computer-readable instructions. In certain embodiments,storage devices 1060(1)-(N) and storage devices 1090(1)-(N) mayrepresent network-attached storage (NAS) devices configured tocommunicate with servers 1040 and 1045 using various protocols, such asNFS, SMB, or CIFS.

Servers 1040 and 1045 may also be connected to a storage area network(SAN) fabric 1080. SAN fabric 1080 generally represents any type or formof computer network or architecture capable of facilitatingcommunication between a plurality of storage devices. SAN fabric 1080may facilitate communication between servers 1040 and 1045 and aplurality of storage devices 1090(1)-(N) and/or an intelligent storagearray 1095. SAN fabric 1080 may also facilitate, via network 1050 andservers 1040 and 1045, communication between client systems 1010, 1020,and 1030 and storage devices 1090(1)-(N) and/or intelligent storagearray 1095 in such a manner that storage devices 1090(1)-(N) andintelligent storage array 1095 appear as locally attached devices toclient systems 1010, 1020, and 1030. As with storage devices 1060(1)-(N)and storage devices 1070(1)-(N), storage devices 1090(1)-(N) andintelligent storage array 1095 generally represent any type or form ofstorage device or medium capable of storing data and/or othercomputer-readable instructions.

In certain embodiments, and with reference to exemplary computing system910 of FIG. 9, a communication interface, such as communicationinterface 922 in FIG. 9, may be used to provide connectivity betweeneach client system 1010, 1020, and 1030 and network 1050. Client systems1010, 1020, and 1030 may be able to access information on servers 1040or 1045 using, for example, a web browser or other client software. Suchsoftware may allow client systems 1010, 1020, and 1030 to access datahosted by server 1040, server 1045, storage devices 1060(1)-(N), storagedevices 1070(1)-(N), storage devices 1090(1)-(N), or intelligent storagearray 1095. Although FIG. 10 depicts the use of a network (such as theInternet) for exchanging data, the embodiments described and/orillustrated herein are not limited to the Internet or any particularnetwork-based environment.

In at least one embodiment, all or a portion of one or more of theexemplary embodiments disclosed herein may be encoded as a computerprogram and loaded onto and executed by server 1040, server 1045,storage devices 1060(1)-(N), storage devices 1070(1)-(N), storagedevices 1090(1)-(N), intelligent storage array 1095, or any combinationthereof. All or a portion of one or more of the exemplary embodimentsdisclosed herein may also be encoded as a computer program, stored inserver 1040, run by server 1045, and distributed to client systems 1010,1020, and 1030 over network 1050. Accordingly, network architecture 1000may perform and/or be a means for performing, either alone or incombination with other elements, one or more of the receiving,comparing, identifying, transmitting, receiving, broadcasting, anddetermining steps disclosed herein. Network architecture 1000 may alsobe used to perform and/or be a means for performing other steps andfeatures set forth in the instant disclosure.

As detailed above, computing system 1010 and/or one or more of thecomponents of network architecture 1000 may perform and/or be a meansfor performing, either alone or in combination with other elements, oneor more steps of the exemplary methods described and/or illustratedherein. In one embodiment, this exemplary computer-implemented methodmay comprise identifying login information for a first user accountassociated with the first online community, accessing the first useraccount using the login information from the first user account,obtaining information from the first user account, and modifying, basedon the information obtained from the first user account, a second useraccount associated with the second online community.

In some embodiments, identifying the login information for the firstuser account may comprise receiving the login information for the firstuser account from a user or retrieving the login information from thefirst user account from a login-information database. The method mayfurther comprise, prior to modifying the second user account associatedwith the second online community, identifying login information for thesecond user account and accessing the second user account using thelogin information for the second user account. The method may alsofurther comprise obtaining information from the second user account andmodifying, based on the information obtained from the second useraccount, the first user account.

In certain embodiments, accessing the first user account may compriselogging in to the first user account using the login information for thefirst user account. Accessing the first user account may also compriseaccessing the first user account using a community-specific accessmodule. In addition, obtaining information from the first user accountmay comprise receiving computer-readable data associated with the firstuser account or extracting human-readable data associated with the firstuser account.

In at least one embodiment, the information obtained from the first useraccount may comprise user-account data. The information obtained fromthe first user account may also comprise at least one contact record,which may comprise contact identification information, an email address,a phone number, a fax number, a mailing address, a website address, oran instant-messaging address.

In certain embodiments, modifying the second user account may compriseediting, based on the information obtained from the first user account,at least one preexisting contact record, creating, based on theinformation obtained from the first user account, at least one newcontact record, or deleting at least one contact record. In addition,modifying the second user account may comprise creating the second useraccount and the second online community, creating, based on theinformation obtained from the first user account, at least one newcontact record for the second user account, and transmitting aninvitation to join the second online community to a contact identifiedin the at least one new contact record.

In some embodiments, the method may also comprise providing a graphicaluser interface that allows a user to modify login information, communityaccess settings, community synchronization settings, or the like. Themethod may also comprise modifying, based on the information obtainedfrom the first user account, a third user account associated with athird online community. In addition, the method may further comprise,prior to accessing the first user account, receiving a request from auser to synchronize the first user account with the second user account.

Computing system 1010 and/or one or more of the components of networkarchitecture 1000 may also represent all or portions of exemplary system100 in FIG. 1. For example, computing system 1010 and/or one or more ofthe components of network architecture 1000 may represent portions of asystem for automatically synchronizing online communities, which systemmay comprise a login module for managing login information for at leasta first user account associated with the first online community, acommunity-access module for accessing the first user account using thelogin information for the first user account, and obtaining informationfrom the first user account, and a community synchronization module formodifying, based on the information obtained from the first useraccount, a second user account associated with the second onlinecommunity.

In certain embodiments, the community-access module may further compriseat least one community-specific access module. In addition, the systemmay further comprise a graphical-user-interface module for providing agraphical user interface that allows a user to modify login information,community access settings, or synchronization settings.

The system may also comprise a login-information database for storinglogin information for user accounts associated with online communities,and obtain-information data base for storing information obtained fromonline communities, and a community-specific-access-module database forstoring community-specific access modules.

As detailed above, all or portions of exemplary system 100 in FIG. 1(such as modules 104-112) may represent a software application orprogram that, when executed by a computing device, may cause thecomputing device to perform one or more tasks required to automaticallysynchronize online communities. In this embodiment, all or portions ofexemplary system 100 in FIG. 1 may represent computer-readable mediacomprising one or more computer-executable instructions that, whenexecuted by a computing device, may cause a computing device to identifylogin information for a first user account associated with the firstonline community, access the first user account using the logininformation for the first user account, obtain information from thefirst user account, and modify, based on the information obtained fromthe first user account, a second user account associated with the secondonline community.

While the foregoing disclosure sets forth various embodiments usingspecific block diagrams, flowcharts, and examples, each block diagramcomponent, flowchart step, operation, and/or component described and/orillustrated herein may be implemented, individually and/or collectively,using a wide range of hardware, software, or firmware (or anycombination thereof) configurations. In addition, any disclosure ofcomponents contained within other components should be consideredexemplary in nature since many other architectures can be implemented toachieve the same functionality.

The process parameters and sequence of steps described and/orillustrated herein are given by way of example only and can be varied asdesired. For example, while the steps illustrated and/or describedherein may be shown or discussed in a particular order, these steps donot necessarily need to be performed in the order illustrated ordiscussed. The various exemplary methods described and/or illustratedherein may also omit one or more of the steps described or illustratedherein or include additional steps in addition to those disclosed.

Furthermore, while various embodiments have been described and/orillustrated herein in the context of fully functional computing systems,one or more of these exemplary embodiments may be distributed as aprogram product in a variety of forms, regardless of the particular typeof computer-readable media used to actually carry out the distribution.The embodiments disclosed herein may also be implemented using softwaremodules that perform certain tasks. These software modules may includescript, batch, or other executable files that may be stored on acomputer-

readable storage medium or in a computing system. In some embodiments,these software modules may configure a computing system to perform oneor more of the exemplary embodiments disclosed herein.

The preceding description has been provided to enable others skilled inthe art to best utilize various aspects of the exemplary embodimentsdisclosed herein. This exemplary description is not intended to beexhaustive or to be limited to any precise form disclosed. Manymodifications and variations are possible without departing from thespirit and scope of the instant disclosure. The embodiments disclosedherein should be considered in all respects illustrative and notrestrictive. Reference should be made to the appended claims and theirequivalents in determining the scope of the instant disclosure.

Unless otherwise noted, the terms “a” or “an,” as used in thespecification and claims, are to be construed as meaning “at least oneof.” In addition, for ease of use, the words “including” and “having,”as used in the specification and claims, are interchangeable with andhave the same meaning as the word “comprising.”

1. A computer-implemented method for administering policies for physicallocations, at least a portion of the computer-implemented method beingperformed by a computing device comprising at least one processor, thecomputer-implemented method comprising: receiving verification that asource is authorized to provide mobile-computing-device policiesspecific to a first physical location; receiving a firstmobile-computing-device policy specific to the first physical location;identifying the first physical location, wherein identifying the firstphysical location comprises at least one of receiving, from the source,a set of geographical coordinates of the first physical location,receiving, from the source, boundaries of the first physical location,and/or receiving, from the source, an address of the first physicallocation; associating the first mobile-computing-device policy with thefirst physical location such that the first mobile-computing-devicepolicy is implemented while a mobile-computing device is located withinthe first physical location; determining that the mobile-computingdevice is located within the first physical location; implementing thefirst mobile-computing-device policy at the first physical location inresponse to the mobile-computing device being located within the firstphysical location.
 2. The computer-implemented method of claim 1,wherein: the source is a location-policy administrator, thelocation-policy administrator being authorized to provide the firstpolicy for the first physical location; receiving the firstmobile-computing-device policy comprises identifying that the firstmobile-computing-device policy is received from the location-policyadministrator.
 3. The computer-implemented method of claim 1, whereinreceiving verification comprises: accessing a database that storesinformation that identifies sources that are authorized to providepolicies for a particular location; searching the database to verifythat the source is authorized to provide the first policy specific tothe first physical location.
 4. The computer-implemented method of claim1, wherein receiving verification that the source is authorized toprovide mobile-computing-device policies specific to the first physicallocation comprises verifying that the source is authorized by:contacting an owner of a building; verifying that the owner of thebuilding is authorized to provide policies specific to the building. 5.The computer-implemented method of claim 1, wherein implementing thefirst mobile-computing-device policy comprises: enforcing the firstmobile-computing-device policy on at least one of: a mobile phone; alaptop; a personal digital assistant device.
 6. The computer-implementedmethod of claim 1, wherein receiving verification further comprises:prompting mail to be sent to a physical address associated with thefirst physical location, the mail comprising information capable ofbeing used by the source to confirm that the source is authorized toprovide the first policy specific to the first physical location.
 7. Thecomputer-implemented method of claim 1, wherein: identifying the firstphysical location comprises: receiving, through an internet-basedinterface, a first location identifier that corresponds to the firstphysical location; receiving the first mobile-computing-device policycomprises: receiving, through an internet-based interface, the firstmobile-computing-device policy.
 8. The computer-implemented method ofclaim 1, further comprising: receiving the set of geographicalcoordinates that corresponds to a sub-region within the first physicallocation; receiving a second mobile-computing-device policy; associatingthe second mobile-computing-device policy with the sub-region.
 9. Thecomputer-implemented method of claim 1, wherein: identifying the firstphysical location comprises: receiving a first set of geographicalcoordinates that corresponds to a first sub-region within the firstphysical location; receiving a second set of geographical coordinatesthat corresponds to a second sub-region within the first physicallocation; associating the first mobile-computing-device policy with thefirst physical location comprises: associating the firstmobile-computing device policy with the first sub-region; associating asecond mobile-computing device policy with the second sub-region. 10.The computer implemented method of claim 1, wherein receivingverification that the source is authorized to providemobile-computing-device policies specific to the first physical locationcomprises verifying that the source is authorized by: contacting aprincipal of a school; verifying that the principal of the school isauthorized to provide policies specific to school grounds.
 11. Thecomputer-implemented method of claim 1, wherein receiving verificationthat the source is authorized to provide mobile-computing-devicepolicies specific to the first physical location comprises: enabling athird party to verify that the source is authorized to providemobile-computing-device policies specific to the first physicallocation.
 12. A system for administering policies for physicallocations, the system comprising: a verification mechanism configured toverify that a source is authorized to provide mobile-computing-devicepolicies specific to a first physical location, wherein the verificationmechanism is configured to perform at least one of receiving, from thesource, a set of geographical coordinates of the first physicallocation, receiving, from the source, boundaries of the first physicallocation, and/or receiving, from the source, an address of the firstphysical location; a policy module configured to receive a firstmobile-computing-device policy specific to the first physical location;a location module configured to identify the first physical location; apolicy-location-information database configured to store policyinformation; an implementation module configured to enforce the firstmobile-computing-device policy on a mobile-computing device located atthe first physical location in response to the mobile-computing devicebeing located within the first physical location; at least one hardwareprocessor configured to execute the policy module, the location module,and the implementation module.
 13. The system of claim 12 furthercomprising a server, wherein the server comprises the verificationmechanism, the policy module, the location module, thepolicy-location-information database, and the implementation module. 14.The system of claim 12, wherein the implementation module furthercomprises: the mobile-computing device being configured to transmitlocation information; a device-location mechanism configured to receivelocation information from the mobile computing device; a determinationmodule configured to determine whether the location informationindicates that the mobile computing device is within the first physicallocation; a transmission mechanism configured to send the firstmobile-computing-device policy to the mobile computing device; anenforcement module configured to enforce the firstmobile-computing-device policy on the mobile computing device.
 15. Thesystem of claim 12, wherein the verification mechanism comprises: anotification mechanism configured to send a notification to a physicaladdress associated with the first physical location; a confirmationmechanism configured to receive confirmation from the source.
 16. Thesystem of claim 12, wherein the verification mechanism comprises: anauthorization database configured to store source authorization data; anauthorization search module configured to search the authorizationdatabase for source authorization data.
 17. A non-transitorycomputer-readable-storage medium comprising one or morecomputer-executable instructions that, when executed by at least oneprocessor of a mobile-computing device, cause the mobile-computingdevice to: receive verification that a source is authorized to providemobile-computing-device policies specific to a first physical location;receive a first mobile-computing-device policy specific to the firstphysical location; identify the first physical location; associate thefirst mobile-computing-device policy with the first physical locationsuch that the first mobile-computing-device policy is implemented whilethe mobile-computing device is located within the first physicallocation; implement the first mobile-computing-device policy at thefirst physical location in response to the mobile-computing device beinglocated within the first physical location; receive a set ofgeographical coordinates that corresponds to a sub-region within thefirst physical location; receive a second mobile-computing-devicepolicy; associate the second mobile-computing-device policy with thesub-region.